[Fwd: Re: [ietf-dkim] canonicalized null body and dkim]

Charles Lindsey chl at clerew.man.ac.uk
Fri Dec 22 06:34:25 PST 2006


On Thu, 21 Dec 2006 17:55:41 -0000, Hector Santos <hsantos at santronics.com>  
wrote:

> Tony Hansen wrote:
>> I left off a sentence in Point 7.
>>  Tony Hansen wrote:
>>> Point 7:
>>> 	Another way of expressing this algorithm that people may find
>>> 	easier to understand is:
>>>
>>> 	"If the last line of the message does not end with CRLF, CRLF is
>>> 	added. Then, CRLF 0*CRLF is reduced to a single CRLF."
>>  	"If the body only consists of a CRLF after this reduction, that
>> 	too is removed."
>
>
> Tony,
>
> For SIGNING......
>
> Does this imply that SIMPLE c14n SHOULD NOT be done when there exist  
> only 2 bytes <CRLF> in the body?

Why ever not? Simple says, roughly, "remove empty trailing lines from the  
body", so you remove them. Ah! you were confused by the "last line of the  
message does not end with CRLF" bit? But if the message body is empty,  
then there IS no last line, so the question does not arise. Probably  
better, then, to use my wording which clearly covers all these edge cases.
>
> For VERIFYING......
>
> When it comes to verification, the l= tag will determine what text was  
> canonicalized.

If what was hashed was <empty>, then the signature should have claimed  
l=0. It says in 3.5 that the l= value MUST NOT be larger than the actual  
number of octets in the canonicalized message body (but a liberal verifier  
might, and maybe SHOULD, interpret that as "use the actual length, or the  
l= value, whichever is the smaller").
>
> if l=2,  that means two <CRLF> were hashed.

But that case cannot arise with the text proposed.
>
> if l= missing, that means at minimum two <CRLF> were hashed.

No, it means whatever the canonicalization produced would be hashed, which  
would be <empty> in this case.
>
> If l=0, no hashing was done.
>
> It sounds to me, that technically, the bottom line the SIMPLE c14n feed
> must end with <CRLF>, period.  If missing, it is added to the feed.

No! Magically appearing empty lines with CRLFs are _precisely_ what we are  
trying to avoid.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
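
The canonicalization wording quoted in this thread (Point 7) and the two readings of l= discussed in the reply, as an added Python example that is not part of the original message or of any DKIM implementation. The function names, the `liberal` switch and the sample bodies are constructed for illustration, and SHA-256 is an assumed choice of hash; the code follows the text proposed in the thread, which may differ from the published specification.

```python
import hashlib

CRLF = b"\r\n"


def simple_body_c14n(body: bytes) -> bytes:
    """Simple body canonicalization as worded in Point 7 of this thread."""
    if not body:
        return b""              # empty body: there is no last line to terminate
    if not body.endswith(CRLF):
        body += CRLF            # last line does not end with CRLF, so add one
    while body.endswith(CRLF + CRLF):
        body = body[:-2]        # trailing CRLF 0*CRLF is reduced to a single CRLF
    if body == CRLF:
        return b""              # only a CRLF is left: that too is removed
    return body


def octets_to_hash(canon: bytes, l_tag=None, liberal=False) -> bytes:
    """Select the octets fed to the body hash, honouring an optional l= value.

    Strict mode rejects l= larger than the canonicalized body (the MUST NOT
    cited from section 3.5). Liberal mode uses the smaller of the two, which
    is the interpretation suggested in the reply (hypothetical switch).
    """
    if l_tag is None:
        return canon            # no l= tag: hash whatever canonicalization produced
    if l_tag < 0:
        raise ValueError("l= must not be negative")
    if l_tag > len(canon):
        if not liberal:
            raise ValueError("l= exceeds canonicalized body length")
        l_tag = len(canon)
    return canon[:l_tag]


def body_hash(body: bytes, l_tag=None, liberal=False) -> str:
    """Hex digest of the selected canonicalized body octets (SHA-256 assumed)."""
    canon = simple_body_c14n(body)
    return hashlib.sha256(octets_to_hash(canon, l_tag, liberal)).hexdigest()
```

With this wording an empty body, a body of one CRLF and a body of several CRLFs all hash identically, so a signer would claim l=0 for each of them.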

